The solution that gamead...@127001.org gave was correct. For DNS DRDoS reflection attacks, the best plan is to have your upstream apply an ACL that whitelists the couple of DNS servers that you use and blocks all other traffic from port 53 to your network. Your ISP should be able to do this for little or no cost. Null-routing is not usually required for this type of attack unless your upstream's overall network capacity is less than 10G.

DNS DRDoS attacks are one of the most common and easiest (thankfully) types to filter. Other DRDoS attacks can be a little harder to filter, and there are non-reflected attacks that are yet more difficult to block, requiring advanced string-matching rules upstream or other specialized techniques.

-John
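
The ACL described in the message above, written out as an added example (not part of the original post and not any ISP's actual configuration). It prints iptables commands rather than running them; iptables syntax is used here only to show the logic, the resolver addresses are constructed documentation-range values, and the chain name DNS_REPLY is an assumption. As the thread notes, the filter only relieves the link if it sits upstream of the point being saturated.

```shell
#!/bin/sh
# Added example: print an ACL that accepts DNS replies (source port 53)
# only from whitelisted resolvers and drops every other port-53 source.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset for the resolvers given as arguments.
# Refuses an empty or malformed whitelist, since either would cut off
# the network's own DNS resolution once the rules were applied.
gen_dns_acl() {
    if [ "$#" -lt 1 ]; then
        echo "need at least one resolver address" >&2
        return 1
    fi
    for r in "$@"; do
        is_ipv4 "$r" || { echo "invalid resolver address: $r" >&2; return 1; }
    done
    echo "iptables -N DNS_REPLY"
    # Anything arriving FROM port 53 is a DNS reply (or claims to be one).
    echo "iptables -A INPUT -p udp --sport 53 -j DNS_REPLY"
    echo "iptables -A INPUT -p tcp --sport 53 -j DNS_REPLY"
    for r in "$@"; do
        # Replies from a resolver we actually use continue to normal rules.
        echo "iptables -A DNS_REPLY -s $r -j RETURN"
    done
    # Everything else from port 53 is unsolicited reflection traffic.
    echo "iptables -A DNS_REPLY -j DROP"
}

# Constructed sample whitelist (RFC 5737 documentation addresses).
gen_dns_acl 192.0.2.53 198.51.100.53
```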

On 1/11/2013 4:09 AM, ics wrote:
Most of us have experienced ddos attacks like that and yes nullrouting is the 
only protection so the whole network isn't affected. There is no protection 
against that without paying huge sums of money. Those are not an option to 
small communities.

-ics

----- Original message -----
We've had incoming DNS query reply attacks over several Gbit/sec. Any
non-pro gaming community like ours can't defend against such floods of
data.

All you can do is have your IPs null-routed and wait till the attack
dies out.

Saint K.
________________________________________
From: hlds_linux-boun...@list.valvesoftware.com [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Sachin Sud [sudsac...@gmail.com]
Sent: 11 January 2013 11:42
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Servers get attacked via DDoS

@127001 ( Some Pin code) .Orrgy
Do I really care?
It's better you start protecting your servers before it's too late!
Don't waste your time! :)

On Fri, Jan 11, 2013 at 4:06 PM, <gamead...@127001.org> wrote:

Just because they're well known doesn't make them immune to
configuration cockups... one solution might be to get your host to
firewall all incoming from port 53 except for stuff coming from your
hosts' DNS servers (or google's, or whoever) - that won't help if the
bandwidth is going to overwhelm your host's core router, but it WILL
help in cases where it's flooding out your uplink

@Sachin Sud:

Perhaps you could actually be constructive? Despite saying you didn't
want to spam the list, your two contributions have been "lol" and a
post that essentially says "I think your approach is wrong but I'm not
going to give any details whatsoever"

-----Original Message-----
From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Marco Padovan
Sent: 11 January 2013 10:32
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Servers get attacked via DDoS

yes, the attack is exactly that...

but those are not just "broken dns", I even saw some *well known* IT
names among the "attackers".

On 11/01/2013 11.16, Arnim Eijkhoudt wrote:
Haha,

I hope you're joking. Almost none of your questions are remotely
relevant to this type of attack. DNS reflection attacks can only be
effectively mitigated upstream. The structural solution,
unfortunately, is educating/informing the admins of the broken DNS
servers (short of just bluntly increasing the bandwidth capacity of
the affected server(s) and 'sitting it out').

See also: http://blog.cloudflare.com/65gbps-ddos-no-problem

€0,02

On 11-1-2013 10:52, Sachin Sud wrote:
My intentions are not to spam this mail list.
But if you guys are comfortable, you need to answer a few questions by
which I can help you better to get saved from ddos attacks.

Which country are you from?
How many game servers do you host?
How often does the attack happen?
Is it specific to any particular game?
Which OS do you have on the server?
What kind of firewall do you use, in case you use any?
And last question: how much money do you spend monthly on servers? (Based
on your location, I can recommend some ddos protection if required.)

Thanks,
Sachin
_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives,
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux